[Script] [Video] fakeAP_pwn (v0.3)

[SecUpwN]

First things first: THANKS for developing this great script, g0tmi1k & joker5bb!

Seems like I almost get everything to work smoothly, maybe you'll be so kind to tell me how to resolve the following situation?
Problem: DNS forwarding doesn't seem to work. In your last post above you've stated joker5bb's solution, but I don't get it.

Further info (to eliminate questions):

* Script installed: current version 0.3 #127
* System used: BT 4 R2, full installation
* Installed & using: hostapd (seems to work just fine)
* Ping to 10.0.0.1: WORKS, hxxp://10.0.0.1 forwards victim to fake page, but any other address results in "Server not found"

g0tmi1k, I'd appreciate an update of your script to include joker5bb's solution for DNS fowarding - it clearly seems to me that this is the only issue I get (even when changing to airbase-ng). I'd love to finally run your script as it should, I've been struggling for weeks to find a remedy.

If there's some stuff you'd like me to test (or to even get DNS forwarding to work), tell me right away in this thread - I'll monitor it 24/7/365.

SecUpwN

[leg3nd]

Probably because its trying to direct to a non root URL such as "/newreply.php?p=192541&noquote=1" which does not exist on the apache server. I had the same problem with my script, and although I never actually implemented the idea, I believe you could setup apache to 404 redirect back to the root of the website.

[SecUpwN]

I had the same problem with my script, and although I never actually implemented the idea, I believe you could setup apache to 404 redirect back to the root of the website.

Thanks for telling me, leg3nd! How did YOU solve mentioned problem?
As well, I'd appreciate a step-by-step guide on how to set up Apache to 404 redirect back to the root of the website.

SecUpwN

[joker5bb]

Probably because its trying to direct to a non root URL such as "/newreply.php?p=192541&noquote=1" which does not exist on the apache server. I had the same problem with my script, and although I never actually implemented the idea, I believe you could setup apache to 404 redirect back to the root of the website.

that's already in setup in the script

[leg3nd]

that's already in setup in the script

Ah sorry, havn't looked through this script in a pretty long time.

It could be an issue with DNSspoof or iptables, but this script is pretty well safe-coded now so I doubt its script-side.

[SecUpwN]

that's already in setup in the script

Awesome, which values should I change/enable in the script then to resolve mentioned DNS error? Oh, and here's the LOG.

SecUpwN

[leg3nd]

Awesome, which values should I change/enable in the script then to resolve mentioned DNS error? Oh, and here's the LOG.

SecUpwN

It is already inside the apache virtual hosts file which is generated inside the script. It is automatically enabled.

[SecUpwN]

It is already inside the apache virtual hosts file which is generated inside the script. It is automatically enabled.

Fair enough, but I'm trying to figure out how to resolve the issue I described above.
Please take a look at my previously posted logfile and tell me exactly how to proceed in order to make DNS forwarding work as it should.

SecUpwN

[joker5bb]

Fair enough, but I'm trying to figure out how to resolve the issue I described above.
Please take a look at my previously posted logfile and tell me exactly how to proceed in order to make DNS forwarding work as it should.

SecUpwN

ok, well it's best you test it manually, below is a sample of commands for non-transparent mode

in /etc/apache2/sites-available
add to symlinks:

ErrorDocument 403 /index.html
ErrorDocument 404 /index.html

then reload apache

nano /etc/bind/named.conf

options {
directory "/var/cache/bind";
auth-nxdomain no;
recursion yes;
allow-recursion {any;};
allow-query {any;};
};
zone "." {
type master;
file "/etc/bind/db.root";
};

nano /etc/bind/db.root

$TTL 604800
@ IN SOA localhost. root.localhost. (
1337 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS 192.168.1.1
@ IN A 192.168.1.1
* IN A 192.168.1.1

nano dhcp.conf

ddns-update-style none;
ignore client-updates;
authoritative;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.50 192.168.1.200;
}

Code:

sudo chmod 775 /var/run/
sudo /etc/init.d/apache2 start
sudo /etc/init.d/bind9 start 
sudo echo 1 > /proc/sys/net/ipv4/ip_forward
sudo iptables -F
sudo iptables -X
sudo iptables -Z
sudo ifconfig wlan0 192.168.1.1 netmask 255.255.255.0
route del default wlan0
sudo route add default gw 192.168.1.1 wlan0
sudo iptables -t nat -A PREROUTING -i wlan0 -j REDIRECT
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1

sudo dhcpd3 -d -f -cf dhcp.conf wlan0

then run hostapd or airbase-ng

[LegolasBilbao]

Thanks about the scripts, runs great!!!

But i have a doubt , how can i simulate a WEP AP?

thanks